googleauth 0.14.0 → 1.3.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (80) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +11 -0
  3. data/CHANGELOG.md +72 -10
  4. data/README.md +48 -13
  5. data/SECURITY.md +7 -0
  6. data/lib/googleauth/application_default.rb +10 -25
  7. data/lib/googleauth/client_id.rb +10 -25
  8. data/lib/googleauth/compute_engine.rb +16 -30
  9. data/lib/googleauth/credentials.rb +178 -74
  10. data/lib/googleauth/credentials_loader.rb +23 -44
  11. data/lib/googleauth/default_credentials.rb +10 -25
  12. data/lib/googleauth/iam.rb +11 -26
  13. data/lib/googleauth/id_tokens/errors.rb +9 -23
  14. data/lib/googleauth/id_tokens/key_sources.rb +26 -38
  15. data/lib/googleauth/id_tokens/verifier.rb +16 -32
  16. data/lib/googleauth/id_tokens.rb +9 -23
  17. data/lib/googleauth/json_key_reader.rb +10 -25
  18. data/lib/googleauth/scope_util.rb +11 -26
  19. data/lib/googleauth/service_account.rb +60 -59
  20. data/lib/googleauth/signet.rb +22 -28
  21. data/lib/googleauth/stores/file_token_store.rb +11 -25
  22. data/lib/googleauth/stores/redis_token_store.rb +11 -25
  23. data/lib/googleauth/token_store.rb +10 -25
  24. data/lib/googleauth/user_authorizer.rb +10 -25
  25. data/lib/googleauth/user_refresh.rb +15 -27
  26. data/lib/googleauth/version.rb +11 -26
  27. data/lib/googleauth/web_user_authorizer.rb +14 -32
  28. data/lib/googleauth.rb +10 -25
  29. metadata +26 -97
  30. data/.github/CODEOWNERS +0 -7
  31. data/.github/CONTRIBUTING.md +0 -74
  32. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -36
  33. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
  34. data/.github/ISSUE_TEMPLATE/support_request.md +0 -7
  35. data/.gitignore +0 -36
  36. data/.kokoro/build.bat +0 -16
  37. data/.kokoro/build.sh +0 -4
  38. data/.kokoro/continuous/common.cfg +0 -24
  39. data/.kokoro/continuous/linux.cfg +0 -25
  40. data/.kokoro/continuous/osx.cfg +0 -8
  41. data/.kokoro/continuous/post.cfg +0 -30
  42. data/.kokoro/continuous/windows.cfg +0 -29
  43. data/.kokoro/osx.sh +0 -4
  44. data/.kokoro/presubmit/common.cfg +0 -24
  45. data/.kokoro/presubmit/linux.cfg +0 -24
  46. data/.kokoro/presubmit/osx.cfg +0 -8
  47. data/.kokoro/presubmit/windows.cfg +0 -29
  48. data/.kokoro/release.cfg +0 -94
  49. data/.kokoro/trampoline.bat +0 -10
  50. data/.kokoro/trampoline.sh +0 -4
  51. data/.repo-metadata.json +0 -5
  52. data/.rspec +0 -2
  53. data/.rubocop.yml +0 -19
  54. data/Gemfile +0 -30
  55. data/Rakefile +0 -132
  56. data/googleauth.gemspec +0 -38
  57. data/integration/helper.rb +0 -31
  58. data/integration/id_tokens/key_source_test.rb +0 -74
  59. data/rakelib/devsite_builder.rb +0 -45
  60. data/rakelib/link_checker.rb +0 -64
  61. data/rakelib/repo_metadata.rb +0 -59
  62. data/spec/googleauth/apply_auth_examples.rb +0 -171
  63. data/spec/googleauth/client_id_spec.rb +0 -160
  64. data/spec/googleauth/compute_engine_spec.rb +0 -160
  65. data/spec/googleauth/credentials_spec.rb +0 -478
  66. data/spec/googleauth/get_application_default_spec.rb +0 -286
  67. data/spec/googleauth/iam_spec.rb +0 -80
  68. data/spec/googleauth/scope_util_spec.rb +0 -77
  69. data/spec/googleauth/service_account_spec.rb +0 -489
  70. data/spec/googleauth/signet_spec.rb +0 -142
  71. data/spec/googleauth/stores/file_token_store_spec.rb +0 -57
  72. data/spec/googleauth/stores/redis_token_store_spec.rb +0 -50
  73. data/spec/googleauth/stores/store_examples.rb +0 -58
  74. data/spec/googleauth/user_authorizer_spec.rb +0 -343
  75. data/spec/googleauth/user_refresh_spec.rb +0 -359
  76. data/spec/googleauth/web_user_authorizer_spec.rb +0 -172
  77. data/spec/spec_helper.rb +0 -92
  78. data/test/helper.rb +0 -33
  79. data/test/id_tokens/key_sources_test.rb +0 -240
  80. data/test/id_tokens/verifier_test.rb +0 -269
@@ -1,478 +0,0 @@
1
- # Copyright 2017, Google Inc.
2
- # All rights reserved.
3
- #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
7
- #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
17
- #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
-
30
- require "googleauth"
31
-
32
-
33
- # This test is testing the private class Google::Auth::Credentials. We want to
34
- # make sure that the passed in scope propogates to the Signet object. This means
35
- # testing the private API, which is generally frowned on.
36
- describe Google::Auth::Credentials, :private do
37
- let :default_keyfile_hash do
38
- {
39
- "private_key_id" => "testabc1234567890xyz",
40
- "private_key" => "-----BEGIN RSA PRIVATE KEY-----\nMIIBOwIBAAJBAOyi0Hy1l4Ym2m2o71Q0TF4O9E81isZEsX0bb+Bqz1SXEaSxLiXM\nUZE8wu0eEXivXuZg6QVCW/5l+f2+9UPrdNUCAwEAAQJAJkqubA/Chj3RSL92guy3\nktzeodarLyw8gF8pOmpuRGSiEo/OLTeRUMKKD1/kX4f9sxf3qDhB4e7dulXR1co/\nIQIhAPx8kMW4XTTL6lJYd2K5GrH8uBMp8qL5ya3/XHrBgw3dAiEA7+3Iw3ULTn2I\n1J34WlJ2D5fbzMzB4FAHUNEV7Ys3f1kCIQDtUahCMChrl7+H5t9QS+xrn77lRGhs\nB50pjvy95WXpgQIhAI2joW6JzTfz8fAapb+kiJ/h9Vcs1ZN3iyoRlNFb61JZAiA8\nNy5NyNrMVwtB/lfJf1dAK/p/Bwd8LZLtgM6PapRfgw==\n-----END RSA PRIVATE KEY-----\n",
41
- "client_email" => "credz-testabc1234567890xyz@developer.gserviceaccount.com",
42
- "client_id" => "credz-testabc1234567890xyz.apps.googleusercontent.com",
43
- "type" => "service_account",
44
- "project_id" => "a_project_id",
45
- "quota_project_id" => "b_project_id"
46
- }
47
- end
48
-
49
- it "uses a default scope" do
50
- mocked_signet = double "Signet::OAuth2::Client"
51
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
52
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
53
- allow(mocked_signet).to receive(:client_id)
54
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
55
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
56
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
57
- expect(options[:scope]).to eq([])
58
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
59
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
60
-
61
- mocked_signet
62
- end
63
-
64
- Google::Auth::Credentials.new default_keyfile_hash
65
- end
66
-
67
- it "uses a custom scope" do
68
- mocked_signet = double "Signet::OAuth2::Client"
69
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
70
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
71
- allow(mocked_signet).to receive(:client_id)
72
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
73
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
74
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
75
- expect(options[:scope]).to eq(["http://example.com/scope"])
76
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
77
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
78
-
79
- mocked_signet
80
- end
81
-
82
- Google::Auth::Credentials.new default_keyfile_hash, scope: "http://example.com/scope"
83
- end
84
-
85
- describe "using CONSTANTS" do
86
- it "can be subclassed to pass in other env paths" do
87
- test_path_env_val = "/unknown/path/to/file.txt".freeze
88
- test_json_env_val = JSON.generate default_keyfile_hash
89
-
90
- ENV["TEST_PATH"] = test_path_env_val
91
- ENV["TEST_JSON_VARS"] = test_json_env_val
92
-
93
- class TestCredentials1 < Google::Auth::Credentials
94
- TOKEN_CREDENTIAL_URI = "https://example.com/token".freeze
95
- AUDIENCE = "https://example.com/audience".freeze
96
- SCOPE = "http://example.com/scope".freeze
97
- PATH_ENV_VARS = ["TEST_PATH"].freeze
98
- JSON_ENV_VARS = ["TEST_JSON_VARS"].freeze
99
- end
100
-
101
- allow(::File).to receive(:file?).with(test_path_env_val) { false }
102
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
103
-
104
- mocked_signet = double "Signet::OAuth2::Client"
105
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
106
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
107
- allow(mocked_signet).to receive(:client_id)
108
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
109
- expect(options[:token_credential_uri]).to eq("https://example.com/token")
110
- expect(options[:audience]).to eq("https://example.com/audience")
111
- expect(options[:scope]).to eq(["http://example.com/scope"])
112
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
113
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
114
-
115
- mocked_signet
116
- end
117
-
118
- creds = TestCredentials1.default
119
- expect(creds).to be_a_kind_of(TestCredentials1)
120
- expect(creds.client).to eq(mocked_signet)
121
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
122
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
123
- end
124
-
125
- it "subclasses can use PATH_ENV_VARS to get keyfile path" do
126
- class TestCredentials2 < Google::Auth::Credentials
127
- SCOPE = "http://example.com/scope".freeze
128
- PATH_ENV_VARS = %w[PATH_ENV_DUMMY PATH_ENV_TEST].freeze
129
- JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
130
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
131
- end
132
-
133
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
134
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
135
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
136
- allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
137
- allow(::File).to receive(:file?).with("/unknown/path/to/file.txt") { true }
138
- allow(::File).to receive(:read).with("/unknown/path/to/file.txt") { JSON.generate default_keyfile_hash }
139
-
140
- mocked_signet = double "Signet::OAuth2::Client"
141
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
142
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
143
- allow(mocked_signet).to receive(:client_id)
144
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
145
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
146
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
147
- expect(options[:scope]).to eq(["http://example.com/scope"])
148
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
149
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
150
-
151
- mocked_signet
152
- end
153
-
154
- creds = TestCredentials2.default
155
- expect(creds).to be_a_kind_of(TestCredentials2)
156
- expect(creds.client).to eq(mocked_signet)
157
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
158
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
159
- end
160
-
161
- it "subclasses can use JSON_ENV_VARS to get keyfile contents" do
162
- test_json_env_val = JSON.generate default_keyfile_hash
163
-
164
- class TestCredentials3 < Google::Auth::Credentials
165
- SCOPE = "http://example.com/scope".freeze
166
- PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
167
- JSON_ENV_VARS = %w[JSON_ENV_DUMMY JSON_ENV_TEST].freeze
168
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
169
- end
170
-
171
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
172
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
173
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
174
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
175
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
176
- allow(::ENV).to receive(:[]).with("JSON_ENV_TEST") { test_json_env_val }
177
-
178
- mocked_signet = double "Signet::OAuth2::Client"
179
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
180
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
181
- allow(mocked_signet).to receive(:client_id)
182
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
183
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
184
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
185
- expect(options[:scope]).to eq(["http://example.com/scope"])
186
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
187
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
188
-
189
- mocked_signet
190
- end
191
-
192
- creds = TestCredentials3.default
193
- expect(creds).to be_a_kind_of(TestCredentials3)
194
- expect(creds.client).to eq(mocked_signet)
195
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
196
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
197
- end
198
-
199
- it "subclasses can use DEFAULT_PATHS to get keyfile path" do
200
- class TestCredentials4 < Google::Auth::Credentials
201
- SCOPE = "http://example.com/scope".freeze
202
- PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
203
- JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
204
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
205
- end
206
-
207
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
208
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
209
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
210
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
211
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { true }
212
- allow(::File).to receive(:read).with("~/default/path/to/file.txt") { JSON.generate default_keyfile_hash }
213
-
214
- mocked_signet = double "Signet::OAuth2::Client"
215
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
216
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
217
- allow(mocked_signet).to receive(:client_id)
218
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
219
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
220
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
221
- expect(options[:scope]).to eq(["http://example.com/scope"])
222
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
223
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
224
-
225
- mocked_signet
226
- end
227
-
228
- creds = TestCredentials4.default
229
- expect(creds).to be_a_kind_of(TestCredentials4)
230
- expect(creds.client).to eq(mocked_signet)
231
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
232
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
233
- end
234
-
235
- it "subclasses that find no matches default to Google::Auth.get_application_default" do
236
- class TestCredentials5 < Google::Auth::Credentials
237
- SCOPE = "http://example.com/scope".freeze
238
- PATH_ENV_VARS = ["PATH_ENV_DUMMY"].freeze
239
- JSON_ENV_VARS = ["JSON_ENV_DUMMY"].freeze
240
- DEFAULT_PATHS = ["~/default/path/to/file.txt"].freeze
241
- end
242
-
243
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
244
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
245
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
246
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
247
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { false }
248
-
249
- mocked_signet = double "Signet::OAuth2::Client"
250
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
251
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
252
- allow(mocked_signet).to receive(:client_id)
253
- allow(Google::Auth).to receive(:get_application_default) do |scope|
254
- expect(scope).to eq([TestCredentials5::SCOPE])
255
-
256
- # This should really be a Signet::OAuth2::Client object,
257
- # but mocking is making that difficult, so return a valid hash instead.
258
- default_keyfile_hash
259
- end
260
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
261
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
262
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
263
- expect(options[:scope]).to eq(["http://example.com/scope"])
264
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
265
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
266
-
267
- mocked_signet
268
- end
269
-
270
- creds = TestCredentials5.default
271
- expect(creds).to be_a_kind_of(TestCredentials5)
272
- expect(creds.client).to eq(mocked_signet)
273
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
274
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
275
- end
276
- end
277
-
278
- describe "using class methods" do
279
- it "can be subclassed to pass in other env paths" do
280
- test_path_env_val = "/unknown/path/to/file.txt".freeze
281
- test_json_env_val = JSON.generate default_keyfile_hash
282
-
283
- ENV["TEST_PATH"] = test_path_env_val
284
- ENV["TEST_JSON_VARS"] = test_json_env_val
285
-
286
- class TestCredentials11 < Google::Auth::Credentials
287
- self.token_credential_uri = "https://example.com/token"
288
- self.audience = "https://example.com/audience"
289
- self.scope = "http://example.com/scope"
290
- self.env_vars = ["TEST_PATH", "TEST_JSON_VARS"]
291
- end
292
-
293
- allow(::File).to receive(:file?).with(test_path_env_val) { false }
294
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
295
-
296
- mocked_signet = double "Signet::OAuth2::Client"
297
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
298
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
299
- allow(mocked_signet).to receive(:client_id)
300
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
301
- expect(options[:token_credential_uri]).to eq("https://example.com/token")
302
- expect(options[:audience]).to eq("https://example.com/audience")
303
- expect(options[:scope]).to eq(["http://example.com/scope"])
304
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
305
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
306
-
307
- mocked_signet
308
- end
309
-
310
- creds = TestCredentials11.default
311
- expect(creds).to be_a_kind_of(TestCredentials11)
312
- expect(creds.client).to eq(mocked_signet)
313
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
314
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
315
- end
316
-
317
- it "subclasses can use PATH_ENV_VARS to get keyfile path" do
318
- class TestCredentials12 < Google::Auth::Credentials
319
- self.scope = "http://example.com/scope"
320
- self.env_vars = %w[PATH_ENV_DUMMY PATH_ENV_TEST JSON_ENV_DUMMY]
321
- self.paths = ["~/default/path/to/file.txt"]
322
- end
323
-
324
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
325
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
326
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
327
- allow(::ENV).to receive(:[]).with("PATH_ENV_TEST") { "/unknown/path/to/file.txt" }
328
- allow(::File).to receive(:file?).with("/unknown/path/to/file.txt") { true }
329
- allow(::File).to receive(:read).with("/unknown/path/to/file.txt") { JSON.generate default_keyfile_hash }
330
-
331
- mocked_signet = double "Signet::OAuth2::Client"
332
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
333
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
334
- allow(mocked_signet).to receive(:client_id)
335
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
336
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
337
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
338
- expect(options[:scope]).to eq(["http://example.com/scope"])
339
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
340
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
341
-
342
- mocked_signet
343
- end
344
-
345
- creds = TestCredentials12.default
346
- expect(creds).to be_a_kind_of(TestCredentials12)
347
- expect(creds.client).to eq(mocked_signet)
348
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
349
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
350
- end
351
-
352
- it "subclasses can use JSON_ENV_VARS to get keyfile contents" do
353
- test_json_env_val = JSON.generate default_keyfile_hash
354
-
355
- class TestCredentials13 < Google::Auth::Credentials
356
- self.scope = "http://example.com/scope"
357
- self.env_vars = %w[PATH_ENV_DUMMY JSON_ENV_DUMMY JSON_ENV_TEST]
358
- self.paths = ["~/default/path/to/file.txt"]
359
- end
360
-
361
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
362
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
363
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
364
- allow(::File).to receive(:file?).with(test_json_env_val) { false }
365
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
366
- allow(::ENV).to receive(:[]).with("JSON_ENV_TEST") { test_json_env_val }
367
-
368
- mocked_signet = double "Signet::OAuth2::Client"
369
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
370
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
371
- allow(mocked_signet).to receive(:client_id)
372
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
373
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
374
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
375
- expect(options[:scope]).to eq(["http://example.com/scope"])
376
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
377
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
378
-
379
- mocked_signet
380
- end
381
-
382
- creds = TestCredentials13.default
383
- expect(creds).to be_a_kind_of(TestCredentials13)
384
- expect(creds.client).to eq(mocked_signet)
385
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
386
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
387
- end
388
-
389
- it "subclasses can use DEFAULT_PATHS to get keyfile path" do
390
- class TestCredentials14 < Google::Auth::Credentials
391
- self.scope = "http://example.com/scope"
392
- self.env_vars = %w[PATH_ENV_DUMMY JSON_ENV_DUMMY]
393
- self.paths = ["~/default/path/to/file.txt"]
394
- end
395
-
396
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
397
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
398
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
399
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
400
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { true }
401
- allow(::File).to receive(:read).with("~/default/path/to/file.txt") { JSON.generate default_keyfile_hash }
402
-
403
- mocked_signet = double "Signet::OAuth2::Client"
404
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
405
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
406
- allow(mocked_signet).to receive(:client_id)
407
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
408
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
409
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
410
- expect(options[:scope]).to eq(["http://example.com/scope"])
411
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
412
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
413
-
414
- mocked_signet
415
- end
416
-
417
- creds = TestCredentials14.default
418
- expect(creds).to be_a_kind_of(TestCredentials14)
419
- expect(creds.client).to eq(mocked_signet)
420
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
421
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
422
- end
423
-
424
- it "subclasses that find no matches default to Google::Auth.get_application_default" do
425
- class TestCredentials15 < Google::Auth::Credentials
426
- self.scope = "http://example.com/scope"
427
- self.env_vars = %w[PATH_ENV_DUMMY JSON_ENV_DUMMY]
428
- self.paths = ["~/default/path/to/file.txt"]
429
- end
430
-
431
- allow(::ENV).to receive(:[]).with("GOOGLE_AUTH_SUPPRESS_CREDENTIALS_WARNINGS") { "true" }
432
- allow(::ENV).to receive(:[]).with("PATH_ENV_DUMMY") { "/fake/path/to/file.txt" }
433
- allow(::File).to receive(:file?).with("/fake/path/to/file.txt") { false }
434
- allow(::ENV).to receive(:[]).with("JSON_ENV_DUMMY") { nil }
435
- allow(::File).to receive(:file?).with("~/default/path/to/file.txt") { false }
436
-
437
- mocked_signet = double "Signet::OAuth2::Client"
438
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
439
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
440
- allow(mocked_signet).to receive(:client_id)
441
- allow(Google::Auth).to receive(:get_application_default) do |scope|
442
- expect(scope).to eq(TestCredentials15.scope)
443
-
444
- # This should really be a Signet::OAuth2::Client object,
445
- # but mocking is making that difficult, so return a valid hash instead.
446
- default_keyfile_hash
447
- end
448
- allow(Signet::OAuth2::Client).to receive(:new) do |options|
449
- expect(options[:token_credential_uri]).to eq("https://oauth2.googleapis.com/token")
450
- expect(options[:audience]).to eq("https://oauth2.googleapis.com/token")
451
- expect(options[:scope]).to eq(["http://example.com/scope"])
452
- expect(options[:issuer]).to eq(default_keyfile_hash["client_email"])
453
- expect(options[:signing_key]).to be_a_kind_of(OpenSSL::PKey::RSA)
454
-
455
- mocked_signet
456
- end
457
-
458
- creds = TestCredentials15.default
459
- expect(creds).to be_a_kind_of(TestCredentials15)
460
- expect(creds.client).to eq(mocked_signet)
461
- expect(creds.project_id).to eq(default_keyfile_hash["project_id"])
462
- expect(creds.quota_project_id).to eq(default_keyfile_hash["quota_project_id"])
463
- end
464
- end
465
-
466
- it "warns when cloud sdk credentials are used" do
467
- mocked_signet = double "Signet::OAuth2::Client"
468
- allow(mocked_signet).to receive(:configure_connection).and_return(mocked_signet)
469
- allow(mocked_signet).to receive(:fetch_access_token!).and_return(true)
470
- allow(Signet::OAuth2::Client).to receive(:new) do |_options|
471
- mocked_signet
472
- end
473
- allow(mocked_signet).to receive(:client_id).and_return(Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID)
474
- expect { Google::Auth::Credentials.new default_keyfile_hash }.to output(
475
- Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
476
- ).to_stderr
477
- end
478
- end